rtsp: fix authentication when algorithm field is not supported (#3116)
aler9 committed May 15, 2024
1 parent c0ad6e4 commit bb3934b
Showing 9 changed files with 25 additions and 29 deletions.
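--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 github.com/abema/go-mp4 v1.2.0
 github.com/alecthomas/kong v0.9.0
 github.com/bluenviron/gohlslib v1.3.2
-github.com/bluenviron/gortsplib/v4 v4.9.0
+github.com/bluenviron/gortsplib/v4 v4.9.1-0.20240515082130-f283abc2e7cd
 github.com/bluenviron/mediacommon v1.10.0
 github.com/datarhei/gosrt v0.6.0
 github.com/fsnotify/fsnotify v1.7.0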
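--- a/go.sum
+++ b/go.sum
@@ -24,6 +24,8 @@ github.com/bluenviron/gohlslib v1.3.2 h1:xRiPfMIeYCkspL6jYa7Qrl4pIY+1w7IvFjx49Cs
 github.com/bluenviron/gohlslib v1.3.2/go.mod h1:1/m7A2o5IWyBdZeauXe2bViu2l1mL2l8DMQl9302A2U=
 github.com/bluenviron/gortsplib/v4 v4.9.0 h1:Zm/XuKDBQrU0Hcm4wqBhGX0U3hUAVh0Wm7cvJpbJWyU=
 github.com/bluenviron/gortsplib/v4 v4.9.0/go.mod h1:0XtUPbNFHNpMz4Sa70PmSelvclWTTJujHfSKkhuLpxg=
+github.com/bluenviron/gortsplib/v4 v4.9.1-0.20240515082130-f283abc2e7cd h1:w1Uml4bXdixu7cArQ3JyiZTpaKzZ31eP9+bWoPPkWcY=
+github.com/bluenviron/gortsplib/v4 v4.9.1-0.20240515082130-f283abc2e7cd/go.mod h1:iLJ1tmwGMbaN04ZYh/KRlAHsCbz9Rycn7cPAvdR+Vkc=
 github.com/bluenviron/mediacommon v1.10.0 h1:ffIWaS+1vYpPLV6QOt4VEvIlb/OKtodzagzsY6EDOnw=
 github.com/bluenviron/mediacommon v1.10.0/go.mod h1:HDyW2CzjvhYJXtdxstdFPio3G0qSocPhqkhUt/qffec=
 github.com/bytedance/sonic v1.11.6 h1:oUp34TzMlL+OY1OUWxHqsdkgC/Zfc85zGqw9siXjrc0=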
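--- a/internal/auth/manager.go
+++ b/internal/auth/manager.go
@@ -110,7 +110,7 @@ type Manager struct {
 HTTPExclude []conf.AuthInternalUserPermission
 JWTJWKS string
 ReadTimeout time.Duration
-RTSPAuthMethods []headers.AuthMethod
+RTSPAuthMethods []auth.ValidateMethod
 
 mutex sync.RWMutex
 jwtHTTPClient *http.Client
@@ -137,19 +137,15 @@ func (m *Manager) Authenticate(req *Request) error {
 func (m *Manager) authenticateInner(req *Request) error {
 // if this is a RTSP request, fill username and password
 var rtspAuthHeader headers.Authorization
+
 if req.RTSPRequest != nil {
 err := rtspAuthHeader.Unmarshal(req.RTSPRequest.Header["Authorization"])
 if err == nil {
-switch rtspAuthHeader.Method {
-case headers.AuthBasic:
+if rtspAuthHeader.Method == headers.AuthMethodBasic {
 req.User = rtspAuthHeader.BasicUser
 req.Pass = rtspAuthHeader.BasicPass
-
-case headers.AuthDigestMD5:
+} else { // digest
 req.User = rtspAuthHeader.Username
-
-default:
-return fmt.Errorf("unsupported RTSP authentication method")
 }
 }
 }
@@ -197,7 +193,7 @@ func (m *Manager) authenticateWithUser(
 }
 
 if u.User != "any" {
-if req.RTSPRequest != nil && rtspAuthHeader.Method == headers.AuthDigestMD5 {
+if req.RTSPRequest != nil && rtspAuthHeader.Method == headers.AuthMethodDigest {
 err := auth.Validate(
 req.RTSPRequest,
 string(u.User),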
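Review bot: In authenticateInner the new `} else { // digest` branch treats every method other than `headers.AuthMethodBasic` as digest, whereas the removed `default:` case rejected anything unrecognised with "unsupported RTSP authentication method". Whether `Unmarshal` already refuses other methods is not visible in this hunk, so the fallback is only safe as long as the library's method set stays at two values. I would make the branch explicit with `} else if rtspAuthHeader.Method == headers.AuthMethodDigest {`, which also matches the comparison used in authenticateWithUser in the last hunk of this file. The bodies of both functions continue outside the hunks shown.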
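--- a/internal/auth/manager_test.go
+++ b/internal/auth/manager_test.go
@@ -13,7 +13,6 @@ import (
 "github.com/MicahParks/jwkset"
 "github.com/bluenviron/gortsplib/v4/pkg/auth"
 "github.com/bluenviron/gortsplib/v4/pkg/base"
-"github.com/bluenviron/gortsplib/v4/pkg/headers"
 "github.com/bluenviron/mediamtx/internal/conf"
 "github.com/golang-jwt/jwt/v5"
 "github.com/stretchr/testify/require"
@@ -157,14 +156,14 @@ func TestAuthInternalRTSPDigest(t *testing.T) {
 },
 },
 HTTPAddress: "",
-RTSPAuthMethods: []headers.AuthMethod{headers.AuthDigestMD5},
+RTSPAuthMethods: []auth.ValidateMethod{auth.ValidateMethodDigestMD5},
 }
 
 u, err := base.ParseURL("rtsp://127.0.0.1:8554/mypath")
 require.NoError(t, err)
 
 s, err := auth.NewSender(
-auth.GenerateWWWAuthenticate([]headers.AuthMethod{headers.AuthDigestMD5}, "IPCAM", "mynonce"),
+auth.GenerateWWWAuthenticate([]auth.ValidateMethod{auth.ValidateMethodDigestMD5}, "IPCAM", "mynonce"),
 "myuser",
 "mypass",
 )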
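Review bot: TestAuthInternalRTSPDigest is only moved to the `auth.ValidateMethod` types here, so nothing in this file exercises the situation the commit title describes, an RTSP digest exchange where the algorithm field is not supported. If the behavioural fix lives in the gortsplib bump, a case on this side that authenticates through Manager with such a header would still pin it against regressions; a comment like `// regression: digest auth without algorithm field (#3116)` on that case would tie it to the issue. The sender built by `auth.NewSender` in this test presumably uses whatever the new library emits by default, which is worth confirming. The test body continues outside the hunk.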
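--- a/internal/conf/conf.go
+++ b/internal/conf/conf.go
@@ -15,7 +15,7 @@ import (
 
 "github.com/bluenviron/gohlslib"
 "github.com/bluenviron/gortsplib/v4"
-"github.com/bluenviron/gortsplib/v4/pkg/headers"
+"github.com/bluenviron/gortsplib/v4/pkg/auth"
 
 "github.com/bluenviron/mediamtx/internal/conf/decrypt"
 "github.com/bluenviron/mediamtx/internal/conf/env"
@@ -47,7 +47,7 @@ func firstThatExists(paths []string) string {
 return ""
 }
 
-func contains(list []headers.AuthMethod, item headers.AuthMethod) bool {
+func contains(list []auth.ValidateMethod, item auth.ValidateMethod) bool {
 for _, i := range list {
 if i == item {
 return true
@@ -359,7 +359,7 @@ func (conf *Conf) setDefaults() {
 conf.MulticastRTCPPort = 8003
 conf.ServerKey = "server.key"
 conf.ServerCert = "server.crt"
-conf.RTSPAuthMethods = RTSPAuthMethods{headers.AuthBasic}
+conf.RTSPAuthMethods = RTSPAuthMethods{auth.ValidateMethodBasic}
 
 // RTMP server
 conf.RTMP = true
@@ -577,7 +577,7 @@ func (conf *Conf) Validate() error {
 if conf.AuthMethods != nil {
 conf.RTSPAuthMethods = *conf.AuthMethods
 }
-if contains(conf.RTSPAuthMethods, headers.AuthDigestMD5) {
+if contains(conf.RTSPAuthMethods, auth.ValidateMethodDigestMD5) {
 if conf.AuthMethod != AuthMethodInternal {
 return fmt.Errorf("when RTSP digest is enabled, the only supported auth method is 'internal'")
 }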
10 changes: 5 additions & 5 deletions internal/conf/rtsp_auth_methods.go
Expand Up @@ -6,19 +6,19 @@ import (
"sort"
"strings"

"github.com/bluenviron/gortsplib/v4/pkg/headers"
"github.com/bluenviron/gortsplib/v4/pkg/auth"
)

// RTSPAuthMethods is the rtspAuthMethods parameter.
type RTSPAuthMethods []headers.AuthMethod
type RTSPAuthMethods []auth.ValidateMethod

// MarshalJSON implements json.Marshaler.
func (d RTSPAuthMethods) MarshalJSON() ([]byte, error) {
out := make([]string, len(d))

for i, v := range d {
switch v {
case headers.AuthBasic:
case auth.ValidateMethodBasic:

Check warning on line 21 in internal/conf/rtsp_auth_methods.go


Codecov / codecov/patch

internal/conf/rtsp_auth_methods.go#L21

Added line #L21 was not covered by tests
out[i] = "basic"

default:
Expand All @@ -43,10 +43,10 @@ func (d *RTSPAuthMethods) UnmarshalJSON(b []byte) error {
for _, v := range in {
switch v {
case "basic":
*d = append(*d, headers.AuthBasic)
*d = append(*d, auth.ValidateMethodBasic)

case "digest":
*d = append(*d, headers.AuthDigestMD5)
*d = append(*d, auth.ValidateMethodDigestMD5)

Check warning on line 49 in internal/conf/rtsp_auth_methods.go


Codecov / codecov/patch

internal/conf/rtsp_auth_methods.go#L49

Added line #L49 was not covered by tests

default:
return fmt.Errorf("invalid authentication method: '%s'", v)
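--- a/internal/servers/rtsp/conn.go
+++ b/internal/servers/rtsp/conn.go
@@ -9,7 +9,6 @@ import (
 "github.com/bluenviron/gortsplib/v4"
 rtspauth "github.com/bluenviron/gortsplib/v4/pkg/auth"
 "github.com/bluenviron/gortsplib/v4/pkg/base"
-"github.com/bluenviron/gortsplib/v4/pkg/headers"
 "github.com/google/uuid"
 
 "github.com/bluenviron/mediamtx/internal/auth"
@@ -27,7 +26,7 @@ const (
 type conn struct {
 isTLS bool
 rtspAddress string
-authMethods []headers.AuthMethod
+authMethods []rtspauth.ValidateMethod
 readTimeout conf.StringDuration
 runOnConnect string
 runOnConnectRestart bool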
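--- a/internal/servers/rtsp/server.go
+++ b/internal/servers/rtsp/server.go
@@ -12,8 +12,8 @@ import (
 "time"
 
 "github.com/bluenviron/gortsplib/v4"
+"github.com/bluenviron/gortsplib/v4/pkg/auth"
 "github.com/bluenviron/gortsplib/v4/pkg/base"
-"github.com/bluenviron/gortsplib/v4/pkg/headers"
 "github.com/bluenviron/gortsplib/v4/pkg/liberrors"
 "github.com/google/uuid"
 
@@ -59,7 +59,7 @@ type serverParent interface {
 // Server is a RTSP server.
 type Server struct {
 Address string
-AuthMethods []headers.AuthMethod
+AuthMethods []auth.ValidateMethod
 ReadTimeout conf.StringDuration
 WriteTimeout conf.StringDuration
 WriteQueueSize int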
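--- a/internal/servers/rtsp/server_test.go
+++ b/internal/servers/rtsp/server_test.go
@@ -5,10 +5,10 @@ import (
 "time"
 
 "github.com/bluenviron/gortsplib/v4"
+"github.com/bluenviron/gortsplib/v4/pkg/auth"
 "github.com/bluenviron/gortsplib/v4/pkg/base"
 "github.com/bluenviron/gortsplib/v4/pkg/description"
 "github.com/bluenviron/gortsplib/v4/pkg/format"
-"github.com/bluenviron/gortsplib/v4/pkg/headers"
 "github.com/bluenviron/mediamtx/internal/asyncwriter"
 "github.com/bluenviron/mediamtx/internal/conf"
 "github.com/bluenviron/mediamtx/internal/defs"
@@ -93,7 +93,7 @@ func TestServerPublish(t *testing.T) {
 
 s := &Server{
 Address: "127.0.0.1:8557",
-AuthMethods: []headers.AuthMethod{headers.AuthBasic},
+AuthMethods: []auth.ValidateMethod{auth.ValidateMethodBasic},
 ReadTimeout: conf.StringDuration(10 * time.Second),
 WriteTimeout: conf.StringDuration(10 * time.Second),
 WriteQueueSize: 512,
@@ -184,7 +184,7 @@ func TestServerRead(t *testing.T) {
 
 s := &Server{
 Address: "127.0.0.1:8557",
-AuthMethods: []headers.AuthMethod{headers.AuthBasic},
+AuthMethods: []auth.ValidateMethod{auth.ValidateMethodBasic},
 ReadTimeout: conf.StringDuration(10 * time.Second),
 WriteTimeout: conf.StringDuration(10 * time.Second),
 WriteQueueSize: 512,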
